Remove SRP code. It contains a bug (this should not surprise anyone), but

the details are under embargo. The original plan was to wait for the embargo to lift, but we've been waiting for quite some time, and there's no indication of when or even if it will end. No sense in dragging this out any longer. The SRP code has never been enabled in OpenBSD, though I understand it is in use by some other people. However, in light of this and other issues, we're officially saying SRP is outside the scope of libressl. (For now.)
author: tedu <> 2014-07-28 17:57:18 +0000
committer: tedu <> 2014-07-28 17:57:18 +0000
commit: 9bf4aaa7e0515aa08e8a462348fc47d3fec0e831 (patch)
tree: 808724802a47d43670e8dfd6f6050aba39dcf93e /src/lib/libcrypto/srp/srp_lib.c
parent: 224cc55e7b0aa21110d14dd564e88e13893a294e (diff)
download: openbsd-9bf4aaa7e0515aa08e8a462348fc47d3fec0e831.tar.gz
openbsd-9bf4aaa7e0515aa08e8a462348fc47d3fec0e831.tar.bz2
openbsd-9bf4aaa7e0515aa08e8a462348fc47d3fec0e831.zip
1 files changed, 0 insertions, 376 deletions
diff --git a/src/lib/libcrypto/srp/srp_lib.c b/src/lib/libcrypto/srp/srp_lib.c
deleted file mode 100644
index 1e96adc6a3..0000000000
--- a/src/lib/libcrypto/srp/srp_lib.c
+++ /dev/null
@@ -1,376 +0,0 @@
-/* $OpenBSD: srp_lib.c,v 1.9 2014/07/11 08:44:49 jsing Exp $ */
-/* Written by Christophe Renou (christophe.renou@edelweb.fr) with 
- * the precious help of Peter Sylvester (peter.sylvester@edelweb.fr) 
- * for the EdelKey project and contributed to the OpenSSL project 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include <openssl/opensslconf.h>
-#ifndef OPENSSL_NO_SRP
-#include <openssl/evp.h>
-#include <openssl/srp.h>
-#include "srp_lcl.h"
-#if (BN_BYTES == 8)
-# if defined(_LP64)
-#  define bn_pack4(a1,a2,a3,a4) ((a1##UL<<48)|(a2##UL<<32)|(a3##UL<<16)|a4##UL)
-# else
-#  define bn_pack4(a1,a2,a3,a4) ((a1##ULL<<48)|(a2##ULL<<32)|(a3##ULL<<16)|a4##ULL)
-# endif
-#elif (BN_BYTES == 4)
-# define bn_pack4(a1,a2,a3,a4)  ((a3##UL<<16)|a4##UL), ((a1##UL<<16)|a2##UL)
-#else
-# error "unsupported BN_BYTES"
-#endif
-#include "srp_grps.h"
-static BIGNUM *srp_Calc_k(BIGNUM *N, BIGNUM *g)
-        {
-        /* k = SHA1(N | PAD(g)) -- tls-srp draft 8 */
-        unsigned char digest[SHA_DIGEST_LENGTH];
-        unsigned char *tmp;
-        EVP_MD_CTX ctxt;
-        BIGNUM *ret = NULL;
-        int longg;
-        int longN = BN_num_bytes(N);
-        if ((tmp = malloc(longN)) == NULL)
-                return NULL;
-        BN_bn2bin(N,tmp);
-        EVP_MD_CTX_init(&ctxt);
-        if (!EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL))
-                goto err;
-        if (!EVP_DigestUpdate(&ctxt, tmp, longN))
-                goto err;
-        memset(tmp, 0, longN);
-        longg = BN_bn2bin(g,tmp);
-        /* use the zeros behind to pad on left */
-        if (!EVP_DigestUpdate(&ctxt, tmp + longg, longN-longg))
-                goto err;
-        if (!EVP_DigestUpdate(&ctxt, tmp, longg))
-                goto err;
-        if (!EVP_DigestFinal_ex(&ctxt, digest, NULL))
-                goto err;
-        ret = BN_bin2bn(digest, sizeof(digest), NULL);  
-err:
-        EVP_MD_CTX_cleanup(&ctxt);
-        free(tmp);
-        return ret;
-        }
-BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N)
-        {
-        /* k = SHA1(PAD(A) || PAD(B) ) -- tls-srp draft 8 */
-        BIGNUM *u;      
-        unsigned char cu[SHA_DIGEST_LENGTH];
-        unsigned char *cAB;
-        EVP_MD_CTX ctxt;
-        int longN;  
-        if ((A == NULL) ||(B == NULL) || (N == NULL))
-                return NULL;
-        longN= BN_num_bytes(N);
-        if ((cAB = reallocarray(NULL, 2, longN)) == NULL) 
-                return NULL;
-        memset(cAB, 0, longN);
-        EVP_MD_CTX_init(&ctxt);
-        EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
-        EVP_DigestUpdate(&ctxt, cAB + BN_bn2bin(A,cAB+longN), longN);
-        EVP_DigestUpdate(&ctxt, cAB + BN_bn2bin(B,cAB+longN), longN);
-        free(cAB);
-        EVP_DigestFinal_ex(&ctxt, cu, NULL);
-        EVP_MD_CTX_cleanup(&ctxt);
-        if (!(u = BN_bin2bn(cu, sizeof(cu), NULL)))
-                return NULL;
-        if (!BN_is_zero(u))
-                return u;
-        BN_free(u);
-        return NULL;
-}
-BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b, BIGNUM *N)
-        {
-        BIGNUM *tmp = NULL, *S = NULL;
-        BN_CTX *bn_ctx; 
-        
-        if (u == NULL || A == NULL || v == NULL || b == NULL || N == NULL)
-                return NULL; 
-        if ((bn_ctx = BN_CTX_new()) == NULL ||
-                (tmp = BN_new()) == NULL ||
-                (S = BN_new()) == NULL )
-                goto err;
-        /* S = (A*v**u) ** b */ 
-        if (!BN_mod_exp(tmp,v,u,N,bn_ctx))
-                goto err;
-        if (!BN_mod_mul(tmp,A,tmp,N,bn_ctx))
-                goto err;
-        if (!BN_mod_exp(S,tmp,b,N,bn_ctx))
-                goto err;
-err:
-        BN_CTX_free(bn_ctx);
-        BN_clear_free(tmp);
-        return S;
-        }
-BIGNUM *SRP_Calc_B(BIGNUM *b, BIGNUM *N, BIGNUM *g, BIGNUM *v)
-        {
-        BIGNUM  *kv = NULL, *gb = NULL;
-        BIGNUM *B = NULL, *k = NULL;
-        BN_CTX *bn_ctx;
-        if (b == NULL || N == NULL || g == NULL || v == NULL ||
-                (bn_ctx = BN_CTX_new()) == NULL)
-                return NULL; 
-        if ( (kv = BN_new()) == NULL ||
-                (gb = BN_new()) == NULL ||
-                (B = BN_new())== NULL)
-                goto err;
-        /* B = g**b + k*v */
-        if (!BN_mod_exp(gb,g,b,N,bn_ctx) ||
-           !(k = srp_Calc_k(N,g)) ||
-           !BN_mod_mul(kv,v,k,N,bn_ctx) || 
-           !BN_mod_add(B,gb,kv,N,bn_ctx))
-                {
-                BN_free(B);
-                B = NULL;
-                }
-err:
-        BN_CTX_free(bn_ctx);
-        BN_clear_free(kv);
-        BN_clear_free(gb);
-        BN_free(k); 
-        return B;
-        }
-BIGNUM *SRP_Calc_x(BIGNUM *s, const char *user, const char *pass)
-        {
-        unsigned char dig[SHA_DIGEST_LENGTH];
-        EVP_MD_CTX ctxt;
-        unsigned char *cs;
-        if ((s == NULL) ||
-                (user == NULL) ||
-                (pass == NULL))
-                return NULL;
-        if ((cs = malloc(BN_num_bytes(s))) == NULL)
-                return NULL;
-        EVP_MD_CTX_init(&ctxt);
-        EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
-        EVP_DigestUpdate(&ctxt, user, strlen(user));
-        EVP_DigestUpdate(&ctxt, ":", 1);
-        EVP_DigestUpdate(&ctxt, pass, strlen(pass));
-        EVP_DigestFinal_ex(&ctxt, dig, NULL);
-        EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
-        BN_bn2bin(s,cs);
-        EVP_DigestUpdate(&ctxt, cs, BN_num_bytes(s));
-        free(cs);
-        EVP_DigestUpdate(&ctxt, dig, sizeof(dig));
-        EVP_DigestFinal_ex(&ctxt, dig, NULL);
-        EVP_MD_CTX_cleanup(&ctxt);
-        return BN_bin2bn(dig, sizeof(dig), NULL);
-        }
-BIGNUM *SRP_Calc_A(BIGNUM *a, BIGNUM *N, BIGNUM *g)
-        {
-        BN_CTX *bn_ctx; 
-        BIGNUM * A = NULL;
-        if (a == NULL || N == NULL || g == NULL ||
-                (bn_ctx = BN_CTX_new()) == NULL) 
-                return NULL;
-        if ((A = BN_new()) != NULL &&
-           !BN_mod_exp(A,g,a,N,bn_ctx))
-                {
-                BN_free(A);
-                A = NULL;
-                }
-        BN_CTX_free(bn_ctx);
-        return A;
-        }
-BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x, BIGNUM *a, BIGNUM *u)
-        {
-        BIGNUM *tmp = NULL, *tmp2 = NULL, *tmp3 = NULL , *k = NULL, *K = NULL;
-        BIGNUM *ret = NULL;
-        BN_CTX *bn_ctx;
-        if (u == NULL || B == NULL || N == NULL || g == NULL || x == NULL || a == NULL ||
-                (bn_ctx = BN_CTX_new()) == NULL)
-                return NULL; 
-        if ((tmp = BN_new()) == NULL ||
-                (tmp2 = BN_new())== NULL ||
-                (tmp3 = BN_new())== NULL ||
-                (K = BN_new()) == NULL)
-                goto err;
-        
-        if (!BN_mod_exp(tmp,g,x,N,bn_ctx))
-                goto err;
-        if (!(k = srp_Calc_k(N,g)))
-                goto err;
-        if (!BN_mod_mul(tmp2,tmp,k,N,bn_ctx))
-                goto err;
-        if (!BN_mod_sub(tmp,B,tmp2,N,bn_ctx))
-                goto err;
-        if (!BN_mod_mul(tmp3,u,x,N,bn_ctx))
-                goto err;
-        if (!BN_mod_add(tmp2,a,tmp3,N,bn_ctx))
-                goto err;
-        if (!BN_mod_exp(K,tmp,tmp2,N,bn_ctx))
-                goto err;
-        ret = K;
-        K = NULL;
-err :
-        BN_CTX_free(bn_ctx);
-        BN_clear_free(tmp);
-        BN_clear_free(tmp2);
-        BN_clear_free(tmp3);
-        BN_free(k);
-        BN_clear_free(K);
-        return ret;     
-        }
-int SRP_Verify_B_mod_N(BIGNUM *B, BIGNUM *N)
-        {
-        BIGNUM *r;
-        BN_CTX *bn_ctx; 
-        int ret = 0;
-        if (B == NULL || N == NULL ||
-                (bn_ctx = BN_CTX_new()) == NULL)
-                return 0;
-        if ((r = BN_new()) == NULL)
-                goto err;
-        /* Checks if B % N == 0 */
-        if (!BN_nnmod(r,B,N,bn_ctx))
-                goto err;
-        ret = !BN_is_zero(r);
-err:
-        BN_CTX_free(bn_ctx);
-        BN_free(r);
-        return ret;
-        }
-int SRP_Verify_A_mod_N(BIGNUM *A, BIGNUM *N)
-        {
-        /* Checks if A % N == 0 */
-        return SRP_Verify_B_mod_N(A,N) ;
-        }
-/* Check if G and N are kwown parameters. 
-   The values have been generated from the ietf-tls-srp draft version 8
-*/
-char *SRP_check_known_gN_param(BIGNUM *g, BIGNUM *N)
-        {
-        size_t i;
-        if ((g == NULL) || (N == NULL))
-                return 0;
-        srp_bn_print(g);
-        srp_bn_print(N);
-        for(i = 0; i < KNOWN_GN_NUMBER; i++)
-                {
-                if (BN_cmp(knowngN[i].g, g) == 0 && BN_cmp(knowngN[i].N, N) == 0) 
-                        return knowngN[i].id;
-                }
-        return NULL;
-        }
-SRP_gN *SRP_get_default_gN(const char *id)
-        {
-        size_t i;
-        if (id == NULL) 
-                return knowngN;
-        for(i = 0; i < KNOWN_GN_NUMBER; i++)
-                {
-                if (strcmp(knowngN[i].id, id)==0)
-                        return knowngN + i;
-                }
-        return NULL;
-        }
-#endif
author	tedu <>	2014-07-28 17:57:18 +0000
committer	tedu <>	2014-07-28 17:57:18 +0000
commit	9bf4aaa7e0515aa08e8a462348fc47d3fec0e831 (patch)
tree	808724802a47d43670e8dfd6f6050aba39dcf93e /src/lib/libcrypto/srp/srp_lib.c
parent	224cc55e7b0aa21110d14dd564e88e13893a294e (diff)
download	openbsd-9bf4aaa7e0515aa08e8a462348fc47d3fec0e831.tar.gz openbsd-9bf4aaa7e0515aa08e8a462348fc47d3fec0e831.tar.bz2 openbsd-9bf4aaa7e0515aa08e8a462348fc47d3fec0e831.zip

diff --git a/src/lib/libcrypto/srp/srp_lib.c b/src/lib/libcrypto/srp/srp_lib.c deleted file mode 100644 index 1e96adc6a3..0000000000 --- a/src/lib/libcrypto/srp/srp_lib.c +++ /dev/null
@@ -1,376 +0,0 @@
1	/* $OpenBSD: srp_lib.c,v 1.9 2014/07/11 08:44:49 jsing Exp $ */
2	/* Written by Christophe Renou (christophe.renou@edelweb.fr) with
3	* the precious help of Peter Sylvester (peter.sylvester@edelweb.fr)
4	* for the EdelKey project and contributed to the OpenSSL project 2004.
5	*/
6	/* ====================================================================
7	* Copyright (c) 2004 The OpenSSL Project. All rights reserved.
8	*
9	* Redistribution and use in source and binary forms, with or without
10	* modification, are permitted provided that the following conditions
11	* are met:
12	*
13	* 1. Redistributions of source code must retain the above copyright
14	* notice, this list of conditions and the following disclaimer.
15	*
16	* 2. Redistributions in binary form must reproduce the above copyright
17	* notice, this list of conditions and the following disclaimer in
18	* the documentation and/or other materials provided with the
19	* distribution.
20	*
21	* 3. All advertising materials mentioning features or use of this
22	* software must display the following acknowledgment:
23	* "This product includes software developed by the OpenSSL Project
24	* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25	*
26	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27	* endorse or promote products derived from this software without
28	* prior written permission. For written permission, please contact
29	* licensing@OpenSSL.org.
30	*
31	* 5. Products derived from this software may not be called "OpenSSL"
32	* nor may "OpenSSL" appear in their names without prior written
33	* permission of the OpenSSL Project.
34	*
35	* 6. Redistributions of any form whatsoever must retain the following
36	* acknowledgment:
37	* "This product includes software developed by the OpenSSL Project
38	* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39	*
40	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51	* OF THE POSSIBILITY OF SUCH DAMAGE.
52	* ====================================================================
53	*
54	* This product includes cryptographic software written by Eric Young
55	* (eay@cryptsoft.com). This product includes software written by Tim
56	* Hudson (tjh@cryptsoft.com).
57	*
58	*/
59
60	#include <openssl/opensslconf.h>
61
62	#ifndef OPENSSL_NO_SRP
63
64	#include <openssl/evp.h>
65	#include <openssl/srp.h>
66
67	#include "srp_lcl.h"
68
69	#if (BN_BYTES == 8)
70	# if defined(_LP64)
71	# define bn_pack4(a1,a2,a3,a4) ((a1##UL<<48)\|(a2##UL<<32)\|(a3##UL<<16)\|a4##UL)
72	# else
73	# define bn_pack4(a1,a2,a3,a4) ((a1##ULL<<48)\|(a2##ULL<<32)\|(a3##ULL<<16)\|a4##ULL)
74	# endif
75	#elif (BN_BYTES == 4)
76	# define bn_pack4(a1,a2,a3,a4) ((a3##UL<<16)\|a4##UL), ((a1##UL<<16)\|a2##UL)
77	#else
78	# error "unsupported BN_BYTES"
79	#endif
80
81
82	#include "srp_grps.h"
83
84	static BIGNUM srp_Calc_k(BIGNUM N, BIGNUM *g)
85	{
86	/* k = SHA1(N \| PAD(g)) -- tls-srp draft 8 */
87
88	unsigned char digest[SHA_DIGEST_LENGTH];
89	unsigned char *tmp;
90	EVP_MD_CTX ctxt;
91	BIGNUM *ret = NULL;
92	int longg;
93	int longN = BN_num_bytes(N);
94
95	if ((tmp = malloc(longN)) == NULL)
96	return NULL;
97	BN_bn2bin(N,tmp);
98
99	EVP_MD_CTX_init(&ctxt);
100	if (!EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL))
101	goto err;
102	if (!EVP_DigestUpdate(&ctxt, tmp, longN))
103	goto err;
104
105	memset(tmp, 0, longN);
106	longg = BN_bn2bin(g,tmp);
107	/* use the zeros behind to pad on left */
108	if (!EVP_DigestUpdate(&ctxt, tmp + longg, longN-longg))
109	goto err;
110	if (!EVP_DigestUpdate(&ctxt, tmp, longg))
111	goto err;
112
113	if (!EVP_DigestFinal_ex(&ctxt, digest, NULL))
114	goto err;
115	ret = BN_bin2bn(digest, sizeof(digest), NULL);
116	err:
117	EVP_MD_CTX_cleanup(&ctxt);
118	free(tmp);
119	return ret;
120	}
121
122	BIGNUM SRP_Calc_u(BIGNUM A, BIGNUM B, BIGNUM N)
123	{
124	/* k = SHA1(PAD(A) \|\| PAD(B) ) -- tls-srp draft 8 */
125
126	BIGNUM *u;
127	unsigned char cu[SHA_DIGEST_LENGTH];
128	unsigned char *cAB;
129	EVP_MD_CTX ctxt;
130	int longN;
131	if ((A == NULL) \|\|(B == NULL) \|\| (N == NULL))
132	return NULL;
133
134	longN= BN_num_bytes(N);
135
136	if ((cAB = reallocarray(NULL, 2, longN)) == NULL)
137	return NULL;
138
139	memset(cAB, 0, longN);
140
141	EVP_MD_CTX_init(&ctxt);
142	EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
143	EVP_DigestUpdate(&ctxt, cAB + BN_bn2bin(A,cAB+longN), longN);
144	EVP_DigestUpdate(&ctxt, cAB + BN_bn2bin(B,cAB+longN), longN);
145	free(cAB);
146	EVP_DigestFinal_ex(&ctxt, cu, NULL);
147	EVP_MD_CTX_cleanup(&ctxt);
148
149	if (!(u = BN_bin2bn(cu, sizeof(cu), NULL)))
150	return NULL;
151	if (!BN_is_zero(u))
152	return u;
153	BN_free(u);
154	return NULL;
155	}
156
157	BIGNUM SRP_Calc_server_key(BIGNUM A, BIGNUM v, BIGNUM u, BIGNUM b, BIGNUM N)
158	{
159	BIGNUM tmp = NULL, S = NULL;
160	BN_CTX *bn_ctx;
161
162	if (u == NULL \|\| A == NULL \|\| v == NULL \|\| b == NULL \|\| N == NULL)
163	return NULL;
164
165	if ((bn_ctx = BN_CTX_new()) == NULL \|\|
166	(tmp = BN_new()) == NULL \|\|
167	(S = BN_new()) == NULL )
168	goto err;
169
170	/* S = (Avu) * b */
171
172	if (!BN_mod_exp(tmp,v,u,N,bn_ctx))
173	goto err;
174	if (!BN_mod_mul(tmp,A,tmp,N,bn_ctx))
175	goto err;
176	if (!BN_mod_exp(S,tmp,b,N,bn_ctx))
177	goto err;
178	err:
179	BN_CTX_free(bn_ctx);
180	BN_clear_free(tmp);
181	return S;
182	}
183
184	BIGNUM SRP_Calc_B(BIGNUM b, BIGNUM N, BIGNUM g, BIGNUM *v)
185	{
186	BIGNUM kv = NULL, gb = NULL;
187	BIGNUM B = NULL, k = NULL;
188	BN_CTX *bn_ctx;
189
190	if (b == NULL \|\| N == NULL \|\| g == NULL \|\| v == NULL \|\|
191	(bn_ctx = BN_CTX_new()) == NULL)
192	return NULL;
193
194	if ( (kv = BN_new()) == NULL \|\|
195	(gb = BN_new()) == NULL \|\|
196	(B = BN_new())== NULL)
197	goto err;
198
199	/* B = g*b + kv */
200
201	if (!BN_mod_exp(gb,g,b,N,bn_ctx) \|\|
202	!(k = srp_Calc_k(N,g)) \|\|
203	!BN_mod_mul(kv,v,k,N,bn_ctx) \|\|
204	!BN_mod_add(B,gb,kv,N,bn_ctx))
205	{
206	BN_free(B);
207	B = NULL;
208	}
209	err:
210	BN_CTX_free(bn_ctx);
211	BN_clear_free(kv);
212	BN_clear_free(gb);
213	BN_free(k);
214	return B;
215	}
216
217	BIGNUM SRP_Calc_x(BIGNUM s, const char user, const char pass)
218	{
219	unsigned char dig[SHA_DIGEST_LENGTH];
220	EVP_MD_CTX ctxt;
221	unsigned char *cs;
222
223	if ((s == NULL) \|\|
224	(user == NULL) \|\|
225	(pass == NULL))
226	return NULL;
227
228	if ((cs = malloc(BN_num_bytes(s))) == NULL)
229	return NULL;
230
231	EVP_MD_CTX_init(&ctxt);
232	EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
233	EVP_DigestUpdate(&ctxt, user, strlen(user));
234	EVP_DigestUpdate(&ctxt, ":", 1);
235	EVP_DigestUpdate(&ctxt, pass, strlen(pass));
236	EVP_DigestFinal_ex(&ctxt, dig, NULL);
237
238	EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
239	BN_bn2bin(s,cs);
240	EVP_DigestUpdate(&ctxt, cs, BN_num_bytes(s));
241	free(cs);
242	EVP_DigestUpdate(&ctxt, dig, sizeof(dig));
243	EVP_DigestFinal_ex(&ctxt, dig, NULL);
244	EVP_MD_CTX_cleanup(&ctxt);
245
246	return BN_bin2bn(dig, sizeof(dig), NULL);
247	}
248
249	BIGNUM SRP_Calc_A(BIGNUM a, BIGNUM N, BIGNUM g)
250	{
251	BN_CTX *bn_ctx;
252	BIGNUM * A = NULL;
253
254	if (a == NULL \|\| N == NULL \|\| g == NULL \|\|
255	(bn_ctx = BN_CTX_new()) == NULL)
256	return NULL;
257
258	if ((A = BN_new()) != NULL &&
259	!BN_mod_exp(A,g,a,N,bn_ctx))
260	{
261	BN_free(A);
262	A = NULL;
263	}
264	BN_CTX_free(bn_ctx);
265	return A;
266	}
267
268
269	BIGNUM SRP_Calc_client_key(BIGNUM N, BIGNUM B, BIGNUM g, BIGNUM x, BIGNUM a, BIGNUM *u)
270	{
271	BIGNUM tmp = NULL, tmp2 = NULL, tmp3 = NULL , k = NULL, *K = NULL;
272	BIGNUM *ret = NULL;
273	BN_CTX *bn_ctx;
274
275	if (u == NULL \|\| B == NULL \|\| N == NULL \|\| g == NULL \|\| x == NULL \|\| a == NULL \|\|
276	(bn_ctx = BN_CTX_new()) == NULL)
277	return NULL;
278
279	if ((tmp = BN_new()) == NULL \|\|
280	(tmp2 = BN_new())== NULL \|\|
281	(tmp3 = BN_new())== NULL \|\|
282	(K = BN_new()) == NULL)
283	goto err;
284
285	if (!BN_mod_exp(tmp,g,x,N,bn_ctx))
286	goto err;
287	if (!(k = srp_Calc_k(N,g)))
288	goto err;
289	if (!BN_mod_mul(tmp2,tmp,k,N,bn_ctx))
290	goto err;
291	if (!BN_mod_sub(tmp,B,tmp2,N,bn_ctx))
292	goto err;
293
294	if (!BN_mod_mul(tmp3,u,x,N,bn_ctx))
295	goto err;
296	if (!BN_mod_add(tmp2,a,tmp3,N,bn_ctx))
297	goto err;
298	if (!BN_mod_exp(K,tmp,tmp2,N,bn_ctx))
299	goto err;
300
301	ret = K;
302	K = NULL;
303
304	err :
305	BN_CTX_free(bn_ctx);
306	BN_clear_free(tmp);
307	BN_clear_free(tmp2);
308	BN_clear_free(tmp3);
309	BN_free(k);
310	BN_clear_free(K);
311	return ret;
312	}
313
314	int SRP_Verify_B_mod_N(BIGNUM B, BIGNUM N)
315	{
316	BIGNUM *r;
317	BN_CTX *bn_ctx;
318	int ret = 0;
319
320	if (B == NULL \|\| N == NULL \|\|
321	(bn_ctx = BN_CTX_new()) == NULL)
322	return 0;
323
324	if ((r = BN_new()) == NULL)
325	goto err;
326	/* Checks if B % N == 0 */
327	if (!BN_nnmod(r,B,N,bn_ctx))
328	goto err;
329	ret = !BN_is_zero(r);
330	err:
331	BN_CTX_free(bn_ctx);
332	BN_free(r);
333	return ret;
334	}
335
336	int SRP_Verify_A_mod_N(BIGNUM A, BIGNUM N)
337	{
338	/* Checks if A % N == 0 */
339	return SRP_Verify_B_mod_N(A,N) ;
340	}
341
342
343	/* Check if G and N are kwown parameters.
344	The values have been generated from the ietf-tls-srp draft version 8
345	*/
346	char SRP_check_known_gN_param(BIGNUM g, BIGNUM *N)
347	{
348	size_t i;
349	if ((g == NULL) \|\| (N == NULL))
350	return 0;
351
352	srp_bn_print(g);
353	srp_bn_print(N);
354
355	for(i = 0; i < KNOWN_GN_NUMBER; i++)
356	{
357	if (BN_cmp(knowngN[i].g, g) == 0 && BN_cmp(knowngN[i].N, N) == 0)
358	return knowngN[i].id;
359	}
360	return NULL;
361	}
362
363	SRP_gN SRP_get_default_gN(const char id)
364	{
365	size_t i;
366
367	if (id == NULL)
368	return knowngN;
369	for(i = 0; i < KNOWN_GN_NUMBER; i++)
370	{
371	if (strcmp(knowngN[i].id, id)==0)
372	return knowngN + i;
373	}
374	return NULL;
375	}
376	#endif